Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

DNS issues WIth TZ 270

DisconnectedDisconnected Newbie ✭
in Entry Level Firewalls

For a TZ 270 we have if a user gets external DNS sent from the firewall or statically set the same, they get frequent "This site can't be reached" DNS_Probe_Finished_NXDomain"

To see if it would help, I under Policy, DNS Rules, I added proxy UDP only, for each of the local zones (LAN, DMZ1, DMZ2) & enabled DNS proxy cache and Enforce DNS proxy for All DNS requests.

I'm still getting a bunch of this site can't be reached. DNS IPs at pointed to DNSfilter IPS (though I did test Cloudflare's, but same results).

What works? If I tunnel DNS requests from a system so they're not going through port 53 everything runs fast with no issues. So I can't tell, what the Sonicwall is doing, but clearly its interfering.

Addendum:

-Split DNS servers not enabled

-DNS security: White list not enabled, DNS Sinkhole service is not enabled,

SonicOS 7.1.2-7019

I'm not familiar with the new interface, so I'm clearly overlooking something.

If someone has any ideas as to how I can isolate it, I love to hear. I ran some packet captures, but not sure what I should be looking for to isolate the root cause.

Thanks!

Category: Entry Level Firewalls
Reply
Sign In or Register to comment.